package tlsx

import (
	"crypto/tls"
	"fmt"

	"google.golang.org/grpc/credentials"
)

const (
// KeyPEM  = `<your key PEM>`
// CertPEM = `<your cert PEM>`
)

func TlsCfg() *tls.Config {
	cfg := tls.Config{
		MinVersion:       tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	}

	cert, err := tls.X509KeyPair([]byte(CertPEM), []byte(KeyPEM))
	if err != nil {
		fmt.Println(err.Error())
	}
	cfg.Certificates = append(cfg.Certificates, cert)
	return &cfg
}

func GrpcCertificates() credentials.TransportCredentials {
	//serverCert, err := tls.LoadX509KeyPair("cert/server-cert.pem", "cert/server-key.pem")
	cert, err := tls.X509KeyPair([]byte(CertPEM), []byte(KeyPEM))
	if err != nil {
		fmt.Println(err.Error())
	}
	// Create the credentials and return it
	c := &tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientAuth:   tls.NoClientCert,
	}

	return credentials.NewTLS(c)
}
